openstack-manuals

Add audit ids to tokens

Bug #1360095 reported by OpenStack Infra on 2014-08-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openstack-manuals	Won't Fix	Medium	Khushbuparakh	openstack-manuals ocata

Bug Description

https://review.openstack.org/114306
commit 56527ee6575455ab664c3b7b247ef3db62cc2719
Author: Morgan Fainberg <email address hidden>
Date: Thu Aug 14 11:00:36 2014 -0700

Add audit ids to tokens

    Add audit identifiers to each token. If the token is a rescoped token
    the audit identifier will be a list where index 0 being the token's
    audit id and index 1 is the initial token in the chain's audit_id.

If the token is not rescoped, the token's audit_ids will only contain
the audit_id of the token itself (at index 0).

    This change is to resolve a method of performing token revocations
    on individual tokens without needing to rely on the low
    resolution of token expires time.

DocImpact

Change-Id: If5fdf187bd525f273281f9fdf53bdc8865164289
bp: non-persistent-tokens

Tags:

Joseph Robinson (joseph-r-email) on 2014-08-28

Changed in openstack-manuals:
status:	New → Fix Committed

Revision history for this message

Joseph Robinson (joseph-r-email) wrote on 2014-08-28:

Review at https://review.openstack.org/#/c/114306/ has closed the Audit Identifiers bug reported here.

Revision history for this message

Andreas Jaeger (jaegerandi) wrote on 2014-09-07:

Joseph, 114306 is the bug that opened this, so let me reopen...

Changed in openstack-manuals:
status:	Fix Committed → New

Revision history for this message

Tom Fifield (fifieldt) wrote on 2014-09-09:

To fix this, we need to write something more generally about auditing. Tagging sec-guide,.

tags:	added: sec-guide
Changed in openstack-manuals:
milestone:	none → juno
status:	New → Triaged
importance:	Undecided → Low
importance:	Low → Wishlist
importance:	Wishlist → Low

Bryan D. Payne (bdpayne) on 2015-02-04

Changed in openstack-manuals:
importance:	Low → Medium

Tom Fifield (fifieldt) on 2015-02-27

Changed in openstack-manuals:
milestone:	juno → kilo

Tom Fifield (fifieldt) on 2015-06-11

Changed in openstack-manuals:
milestone:	kilo → liberty

KATO Tomoyuki (kato-tomoyuki) on 2016-01-04

Changed in openstack-manuals:
milestone:	liberty → mitaka

Khushbuparakh (khushbuparakh) on 2016-03-08

Changed in openstack-manuals:
assignee:	nobody → khushbu (khushbuparakh)

KATO Tomoyuki (kato-tomoyuki) on 2016-04-18

Changed in openstack-manuals:
milestone:	mitaka → newton

KATO Tomoyuki (kato-tomoyuki) on 2016-10-23

Changed in openstack-manuals:
milestone:	newton → ocata

Revision history for this message

Lana (loquacity) wrote on 2016-11-29:

Looking through the original patch (https://review.openstack.org/#/c/114306/ See Anne's question and Morgan's reply on patchset 3), and the current documentation for keystone tokens (http://docs.openstack.org/admin-guide/identity-tokens.html and http://docs.openstack.org/security-guide/identity/tokens.html) I can't see a good place to add a line about auditing, or even determine what that information should be. I'm happy to have this bug reopened with more information, but for now I think the documentation is as complete as it can be on this topic at this time.

Changed in openstack-manuals:
status:	Triaged → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.